[elinks-dev] download tmpnam patch
Navin P
navinp at gmail.com
Sat Dec 23 11:53:47 MST 2006
Hi,
Please review and apply.
diff -pr elinks_old/src/session/download.c elinks/src/session/download.c
*** elinks_old/src/session/download.c 2006-12-23 18:10:38.000000000 -0800
--- elinks/src/session/download.c 2006-12-23 23:59:16.000000000 -0800
*************** get_temp_name(struct uri *uri)
*** 748,768 ****
{
struct string name;
unsigned char *extension;
! /* FIXME
! * We use tempnam() here, which is unsafe (race condition), for now.
! * This should be changed at some time, but it needs an in-depth work
! * of whole download code. --Zas */
! unsigned char *nm = tempnam(NULL, ELINKS_TEMPNAME_PREFIX);
! if (!nm) return NULL;
if (!init_string(&name)) {
! free(nm);
return NULL;
}
add_to_string(&name, nm);
! free(nm);
extension = get_extension_from_uri(uri);
if (extension) {
--- 748,790 ----
{
struct string name;
unsigned char *extension;
! unsigned char *nm,tm[22],*km,*pm;
! unsigned long long t,k;
! km=get_tempdir_filename(ELINKS_TEMPNAME_PREFIX);
!
! srand(time(NULL));
! t=rand()+ time(NULL) + 1LL;
! sprintf(tm,"%llu",t);
!
! pm=mem_realloc(km,strlen(km)+strlen(tm)+ 1+);
!
! if(pm==NULL) {
! mem_free(km);
! return NULL;
! }
!
! strcat(pm,tm);
!
! /* This function already exists.We are using
! * some rand() as prefix in get_tempdir_filename
! * .This should fix the race condition even if
! * the file exists.The rand() is not necessarily
! * required but helps.
! * --navin */
!
! nm=get_unique_name(pm);
if (!init_string(&name)) {
! mem_free(nm);
! mem_free(pm);
return NULL;
}
add_to_string(&name, nm);
!
! mem_free(pm);
! mem_free(nm);
extension = get_extension_from_uri(uri);
if (extension) {
*************** continue_download(void *data, unsigned c
*** 925,931 ****
}
if (type_query->external_handler) {
- /* FIXME: get_temp_name() calls tempnam(). --Zas */
file = get_temp_name(type_query->uri);
if (!file) {
mem_free(codw_hop);
--- 947,952 ----
More information about the elinks-dev
mailing list